Compliant Product - McAfee Vulnerability Manager 7.0
Certificate Date: 24 October 2011
Validation Report Number: CCEVS-VR-VID10461-2011
Product Type: IDS/IPS
Conformance Claim: EAL2 Augmented with ALC_FLR.2
PP Identifiers: None
CC Testing Lab: COACT Inc. CAFE Laboratory
Maintenance Release:
PRODUCT DESCRIPTION
The TOE is a Vulnerability Management System that scans specified targets for vulnerabilities and misconfiguration. It provides a management interface to configure the system and generate reports regarding the results of the scans.
The TOE consists of the following components:
- Enterprise Manager Component - The Enterprise Manager provides authorized users with access to the TOE through their Web browsers. It allows them to manage and run the TOE from anywhere on the network. Access is protected by user identification and authentication.
- Scan Engine Component - One or more Scan Engines scan the network environment. Depending on the logistics and size of your network, you may need more than one Scan Engine to scan the network. The Scan Engine performs identification, interrogation, and vulnerability assessment of remote computer systems.
- Scan Controller Component - The Scan Controller provides the communication between the scan engine and the database. Large or segmented networks (WANs) may require more than one scan controller to be deployed.
- API Service - The API service provides an interface for Enterprise Manager to store data into and retrieve data from the Foundstone Database. This interaction uses SOAP over SSL.
- Data Synchronization Service - The Data Synchronization Service enables Vulnerability Manager to import asset information from McAfee’s ePO enterprise management system or an LDAP directory such as Microsoft Active Directory. This integration permits Vulnerability Manager to learn about assets through a mechanism other than discovery scans.
- Foundstone Database - The Foundstone Database is the data repository for the Vulnerability Manager system. It uses Microsoft SQL Server to store everything from scan settings and results to user accounts and Scan Engine settings. It contains all of the information needed to track organizations and workgroups, manage users and groups, run scans, and generate reports.
- Report Server - The Report Server is responsible for generating reports requested by authorized users. It retrieves scan results from the Foundstone Database, prepares the report, and saves it for future review.
- Web Application Scanner - The Web Application Scanner provides a scan configuration, vulnerability checks, and scan reports for web applications. The web application scanner module is a licensed item which can be purchased and added on to a Vulnerability Manager v7.0 deployment at any time. Any scan engine is capable of web application scanning once the module has been purchased with no additional software required.
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that McAfee Corporation’s Vulnerability Manager Version 7.0 Security Target Version 0.8, October 21, 2011 meets the security requirements contained in the Security Target.
The criteria against which McAfee Corporation’s Vulnerability Manager Version 7.0 Security Target Version 0.8, October 21, 2011 was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1. The COACT, Inc. CAFE Lab determined that the evaluation assurance level (EAL) for McAfee Corporation’s Vulnerability Manager Version 7.0 Security Target Version 0.8, October 21, 2011 is EAL 2 augmented with ALC_FLR.2. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target.
A Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by the COACT, Inc. CAFE Lab. The evaluation was completed in September 2011. Results of the evaluation and associated validation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report.
ENVIRONMENTAL STRENGTHS
The TOE’s Security Functions are:
Asset Data Import
The TOE may be configured to import data about assets from LDAP servers or McAfee ePO. The value of this functionality is that the information about the assets may be more accurate or complete than the information obtained from scans.
Security Audit
The TOE’s Audit Security Function provides auditing of management actions performed by administrators.
The audit records generated by the TOE are categorized by the following event types: Administrator actions, User actions, and System actions. Audit records include the date and time of the event, the type of the event, the subject identity, and a description of the event.
Identification and Authentication
The TOE requires users to identify and authenticate themselves before accessing the TOE software or before viewing any TSF data or configuring any portion of the TOE. No action can be initiated before proper identification and authentication. Each TOE user has security attributes associated with his user account that define the functionality the user is allowed to perform. When interacting with the TOE via the Enterprise Manager GUI, identification and authentication is performed by the TOE. Identification and authentication for local login to the operating system (i.e., via a local console) is performed by Windows (IT Environment).
Security Management
The TOE’s Management Security Function provides administrator support functionality that enables a human user to configure and manage TOE components.
Management of the TOE may be performed via the Enterprise Manager. All user types may use the Enterprise Manager. The TOE provides the following management functions:
- User management
- Root organization management
- Workgroup management
- Scan Engine management
- Asset management
- Scan management
- Report management
- Known vulnerability management.
Scanning
The TOE scans designated systems to detect known vulnerabilities on those systems. Results of the scans are stored in the database (the DBMS is in the IT Environment), and reports based upon completed scans may be retrieved via the GUI interface of the Enterprise Manager.

